kinst_1_395.exe

Kingsoft Internet Security

Beijing Kingsoft Security software Co.,Ltd

Publisher:
Kingsoft Corporation  (signed by Beijing Kingsoft Security software Co.,Ltd)

Product:
Kingsoft Internet Security

Description:
Kingsoft Install Tool

Version:
2015,08,07,13928

MD5:
3035693137f153ef3e1213a945d33e00

SHA-1:
175f680ed04a381663a594189750b450a1f86229

SHA-256:
646be34566c6b635f9d32fdd54ae7824255a363de2a12d084a1797c3c43ad3a1

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 2:13:11 AM UTC  (today)

File size:
1.1 MB (1,167,184 bytes)

Product version:
9,3,244550,13928

Copyright:
Copyright (C) 1998-2015 Kingsoft Corporation

Original file name:
KInstallTool.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\kinst_1_395.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/29/2014 8:00:00 AM

Valid to:
1/29/2016 7:59:59 AM

Subject:
CN="Beijing Kingsoft Security software Co.,Ltd", OU=IT, O="Beijing Kingsoft Security software Co.,Ltd", L=beijing, S=beijing, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
7A1FE7676A4849DAEE2BFFC4A4FF4BD3

File PE Metadata
Compilation timestamp:
8/7/2015 5:49:49 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:EajdfaPxG9nn8j47jM1hubVwm2I45pqLrldE0eQiUMBD:EajdfapG9nn8kfY2VF2J5pqLrldEyiU+

Entry address:
0x94DF9

Entry point:
E8, AF, E5, 00, 00, E9, 17, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 51, 8D, 4C, 24, 04, 2B, C8, 1B, C0, F7, D0, 23, C8, 8B, C4, 25, 00, F0, FF, FF, 3B, C8, 72, 0A, 8B, C1, 59, 94, 8B, 00, 89, 04, 24, C3, 2D, 00, 10, 00, 00, 85, 00, EB, E9, 56, 8B, 74, 24, 08, 85, F6, 7C, 09, E8, F8, E5, 00, 00, 3B, 30, 7C, 07, E8, EF, E5, 00, 00, 8B, 30, E8, EE, E5, 00, 00, 8B, 04, B0, 5E, C3, 53, 56, E8, 0C, 61, 00, 00, 8B, F0, 33, DB, 3B, F3, 75, 07, B8, B8, 21, 4F, 00, EB, 4E, 39, 5E, 24, 57, BF...
 
[+]

Entropy:
6.6955

Code size:
788 KB (806,912 bytes)

The file kinst_1_395.exe has been seen being distributed by the following 21 URLs.

http://w.x.baidu.com/alading/.../23411

http://cd001.www.duba.net/duba/install/2011/.../kinst_168_141.exe

http://www.zheerxia.com/route.php?ct=stat&ac=stat_ads&id=jik9&g=aHR0cDovL2NkMDAxLnd3dy5kdWJhLm5ldC9kdWJhL2luc3RhbGwvMjAxMS9ldmVyL2tpbnN0XzE2OF82MC5leGU=

http://203.204.200.1/cd001.www.duba.net/duba/install/2011/.../kinst_168_1.exe

http://103.1.138.139/cd001.www.duba.net/duba/install/2011/.../kinst_72_1.exe

http://113.171.224.245/.../kinst_168_1.exe

Scan kinst_1_395.exe - Powered by Reason Core Security